Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94

CVE-2024-4037 MEDIUM

WP Photo Album Plus <8.7.02.003 - RCE

CVE-2024-36361 MEDIUM

Pug <=3.0.2 - Code Execution via Untrusted Template Name Option

CVE-2024-0867 HIGH

Email Log plugin <2.4.8 - Code Injection

CVE-2024-4662 HIGH

Oxygen Builder <= 4.8.2 - Remote Code Execution via Post Metadata Injection

CVE-2024-33228 HIGH

Insyde Software Corp SEG Windows Driver <100.00.07.02 - Privilege E...

CVE-2024-33225 HIGH

Realtek High Definition Audio Function Driver 6.0.9549.1 - Privilege Escalation

CVE-2024-4261 MEDIUM

Responsive Contact Form Builder & Lead Generation Plugin <1.9.1 - RCE

CVE-2024-31396 MEDIUM

a-blog cms 3.0.0-3.0.31 and 3.1.0-3.1.11 - Authenticated Code Injection

CVE-2024-21683 HIGH

Atlassian Confluence Data Center and Server - Remote Code Execution

CVE-2024-22274 HIGH

VMware vCenter Server - Authenticated Appliance Shell Command Execution

CVE-2024-24294 CRITICAL

Blackprint Engine 0.8.12-0.9.0 - Remote Code Execution via _utils.setDeepProperty Prototype Pollution

CVE-2024-36078 MEDIUM

Zammad < 6.3.1 - Local Code Injection via World-Writable Gem Files

CVE-2024-4264 CRITICAL

litellm - Remote Code Execution via Unsafe Eval in get_secret Method

CVE-2024-31974 MEDIUM

Solarized FireDown Browser & Downloader 1.0.76 - XSS

CVE-2024-33644 CRITICAL

WPCustomify Customify Site Library <0.0.9 - Code Injection

CVE-2024-32680 HIGH

HUSKY - Products Filter for WooCommerce < 1.3.5.2 - Path Traversal and Code Injection via Malicious File Upload

CVE-2024-4181 HIGH

Llamaindex < 0.10.13 - Code Injection

CVE-2024-4202 HIGH

Telerik Reporting <2024 Q2 - Code Injection

CVE-2024-3892 HIGH

Telerik UI for WinForms 2021.1.122-2024.2.514 - Local Code Execution via Untrusted Theme Assembly

CVE-2024-3319 CRITICAL

SailPoint Identity Security Cloud - Authenticated Remote Code Execution via Transform Preview API

CVE-2024-3044 MEDIUM

LibreOffice < 7.6.7.1 - Unauthenticated Remote Code Execution via Graphic On-Click Script Binding

CVE-2024-4144 MEDIUM

Simple Basic Contact Form <20240502 - RCE

CVE-2024-32352 HIGH

TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Authenticated RCE

CVE-2024-32350 HIGH

TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Authenticated RCE

CVE-2024-4605 HIGH

Breakdance < 1.7.1 - Remote Code Execution via Post Meta Data

Previous Page 112 of 261 Next

Details

Vulnerabilities 6,507

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy